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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 25 September 2007 . 
2a)K This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IEl Claim(s) 1-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

£))□ The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the ExaminerNote the attached Office Action or form PTO-152. 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

Response to Arguments 

Applicant's arguments, with respect to "Wherein" objections, and have been fully 
considered and is persuasive. The objection has been withdrawn. 

Applicant's arguments, with respect to "the "double patenting rejection has been fully 
considered and is persuasive. The rejection has been withdrawn. 

Applicant's arguments filed 9/25/2007 have been fully considered but they are not 
persuasive. Applicant argues that Cathey does not teach separate matching tables, and 
Holdsworth does not teach a multilevel tree representation of an ACL thus the references 
are incompatible. 

The examiner asserts that Holdsworth is merely relied upon to show separate matching 
ACL tables and that this teaching is very much compatible with the ACL tree as taught in 
Cathey. 

The applicant argues that Cathey teaches unique linked braches which teaches away from 
separate matching tables. The examiner counters that although branches may be unique, 
this does not necessarily teach away from matching tables. For instance, tables may be 
matching on some leaves, but different on others, thus making the branches unique. 



The rejection below is substantially similar to the previous nonfinal rejection: 
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Claim Rejections - 35 USC § 103 
Claims 1, 3-9, 11, 12, 15, 17, and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over in view of Cathey US 2002/0085560 in view of Holdsworth US 
2003/0188198 

As per claim 1 , Cathey teaches determining a plurality of rules (packet classification), 
each of at least a subset of the rules having a plurality of fields (extracted fields of header 
data) and a corresponding action (identify application programs to execute); and 
processing the rules to generate a multi-level tree representation (classification logic is 
configured as a decision tree), (Fig 5B, [0052], [0061], [0063]). Cathey teaches each of 
one or more of the levels of the tree representation being associated with a corresponding 
one of the fields (level one associated with source address, level two associate with 
destination address) [0063]. Cathey teaches at least one level of the tree representation 
other than a root level of the tree representation comprises a plurality of nodes (Header 
Check 2, Fig 5B, [0063], Cathey teaches at least two of the nodes at that level each 
having a separate matching table associated therewith (header check 2 checks Internet 
Protocol Destination Address and compares to predefined data, and address 
tables),([0063], [0067], [0078]). 
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Cathey fails to teach access control lists or explicitly state separate matching tables. 

Holdsworth teaches access control lists and separate matching tables (each node may 
have its own acl) [0048]. 

It would have been obvious to one of ordinary skill in the art to use the ACL of 
Holdsworth with the decision levels and fields of Cathey because it allows security and 
access control to be performed to enhance network safety. 

As per claim 3, Cathey teaches the plurality of fields comprises at least first and second 
fields, the first field comprising a source address field and the second field comprising a 
destination address field [0063]. 

As per claim 4, Cathey teaches a final level of the tree representation comprises a 
plurality of leaf nodes (packet classification), each associated with one of the actions 
(choosing an application) of the plurality of rules (Fig 5B, [0063], [0083]). 

As per claim 5, Cathey teaches the root level of the tree representation includes a 
plurality of field values, each corresponding to a distinct source address in a first field of 
the plurality of rules (header check 1 at the rood may include a source address, compared 
to predefined source address table, ([0063] [0076]). 

As per claim 6, Cathey teaches a second level of the tree representation includes a 
plurality of nodes, each being associated with a subtree of a given one of the distinct 
source addresses of the root level of the tree (Fig 5B, [0063]). 
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As per claim 7. Cathey teaches a given one of the second level subtrees identifies one or 
more destination addresses to be examined if the corresponding root level source address 
matches a source address of a given received packet, (header check 2 at the node may 
include a destination address, (Fig 5B [0063]). 

As per claim 8. Holdsworth teaches a matching table at a given level of the tree 
representation other than a root level of the tree representation comprises at least a 
portion of a subtree identified by a particular field value from an immediately previous 
level (nodes may inherit parent ACL lists) [0058]. 

As per claim 9. Cathey teaches the tree representation is generated by associating a first 
node at the root level with a given value in a first field (source address) of one of the 
plurality of rules (packet classification), and then processing remaining field values 
(destination address) sequentially, with each value in turn being compared to one or more 
existing values (predetermined information) at the appropriate node(s) of the tree 
representation to determine if a match exists, and associating that value with a matching 
table (address table) at one of the nodes of the tree representation based at least in part on 
the determination (Fig 5B, [0063], [0067], [0078]. 

As per claim 1 1 . Holdsworth teaches the corresponding actions include at least an accept 
action and a deny action (allow, deny) [005 1 ] . 

As per claim 12, Cathey teaches the step of storing at least a portion of the tree 
representation in memory circuitry accessible to the processor (stored in IRAM 
connected to packet classification engine) [0030]. 
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As per claims 15, and 20 Cathey teaches a processor having memory circuitry associated 
therewith; the memory circuitry being configured for storing at least a portion of a multi- 
level tree representation (stored in IRAM connected to packet classification engine) 
[0030]. 

Cathey teaches each of one or more of the levels of the tree representation being 
associated with a corresponding one of the fields; (extracted fields of header data). 
Cathey teaches the processor being operative to utilize the stored tree representation to 
perform a function (classify) [0030]. Cathey teaches at least one level of the tree 
. representation other than a root level of the tree representation comprises a plurality of 
nodes, (Header Check 2, Fig 5B, [0063] Cathey teaches at least two of the nodes at that 
level each having a separate matching table associated therewith (header check 2 checks 
Internet Protocol Destination Address and compares to predefined data, and address 
tables),([0063], [0067], [0078]). 

Cathey fails to teach access control lists or explicitly state separate matching tables. 

Holdsworth teaches access control lists and separate matching tables (each node may 
have its own acl) [0048] . 

It would have been obvious to one of ordinary skill in the art to use the ACL of 
Holdsworth with the decision levels and fields of Cathey because it allows security and 
access control to be performed to enhance network safety. 
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As per claim 1 7. Cathey teaches the memory may be integrated with the classification 
engine on a controller [0040]. 

Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over in view of 
Cathey US 2002/0085560 in view of Holdsworth US 2003/0188198 in view of Miller 
US 2003/0005146 



As per claim 2, the previous Cathey-Holdsworth combination does not teach longest 
prefix matching. Miller teaches using the longest prefix matching (LPM) method, 
[0031]. 

It would have been obvious to one of ordinary skill in the art to use the LPM method of 
miller with the system of Cathey-Holdsworth to improve matching efficiency, [0015]. 



Claims 10, 13, 14, 16, 18, and 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over in view of Cathey US 2002/0085560 in view of Holdsworth US 
2003/0188198 in view of Gai US 6,651,096. 

As per As per claim 10, the previous Cathey-Holdsworth combination does not teach 
each of at least a subset of the nodes of the tree representation having values in the 
matching table are arranged in order of decreasing specificity. 

Gai teaches each of at least a subset of the nodes of the tree representation having a 
separate matching table associated therewith, values in the matching table are arranged in 
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order of decreasing specificity ( wildcards increase down the list) (Fig 5A Source 
Address). 

It would have been obvious to one of ordinary skill in the art to use the list of Gai with 
the system of Cathey-Holdsworth in order to filter in order of desire. 

As per claim 13, the previous Cathey-Holdsworth combination does not teach the 
hardware and CPU used in implementing an ACL. 

Gai teaches the step of utilizing the stored tree representation to perform an access 
control list based function in the processor (teaches using ACL stored in CAM with CPU) 
(Col 4 lines 10-25). 

It would have been obvious to one of ordinary skill in the art to use the hardware of Gai 
with the system of Cathey-Holdsworth because a CPU is necessary to implement 
software. 

As per claim 14. Gai teaches the access control list based function comprises packet 
filtering (receipt and action for packet) (Col 4 lines 30-36). 

As per claim 16. Gai teaches the access control list based function comprises packet 
filtering (receipt and action for packet) (Col 4 lines 30-36). 

As per claim 18, Gai teaches the processor comprises a network processor (intermediate 
network device CPU) (Col 4 lines 7-10). 
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As per claim 19. Gai teaches the processor comprises an integrated circuit (CPU) (Col 4 
lines 7-10). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher J. Brown whose telephone number is 
(571)272-3833. The examiner can normally be reached on 8:30-6:00. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571)272-381 1. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Christopher J. Brown 1 1/29/07 





